The PhoneBoy Blog

Simplifying Telecom, Mobile Phones, Gadgets, Health, and More!

Back Orifice, Mozilla Does Binaries, and NAT32


Yeah, I know I was going to review the free web services. Later, I promise. Meanwhile, I have other things to share with you.

Last time, I was talking about VNC, a sort of cross-platform PC Anywhere. It definitely has promise as a remote management tool. But this week, I’ll talk about another remote management tool that has scarier implications: Back Orifice. Back Orifice was written by “Cult of the Dead Cow” and is billed as “a remote administration system which allows a user to control a Win95 machine over a network using a simple console or GUI application.” With this application, you can:

  • Look at the system information like logged in user, memory usage, and mounted disks
  • Look at drives that may be mounted
  • Look at what’s running on the system
  • Capture the screen

If that’s not scary enough for you, Back Orifice also allows for:

  • Looking at cached passwords (including network and screensaver passwords)
  • Remote file modifications
  • Registry modifications
  • Automatic redirection of network connections
  • Packet tracing (allows you to watch all network traffic in or out of the workstation)
  • Upload and download files via HTTP

The worst part is, unless the user looks in the registry and/or stumbles across the executable, he will see no trace of Back Orifice anywhere on the system, as it does not appear in any task lists. Worse, it can be attached to any executable and installed on your system without your knowledge.

I can see many legitimate uses for this application, but many people are using this program as a sort of "trojan horse" to get into people's PCs and cause trouble. The easiest way to avoid this threat is to practice safe computing: don't download and run programs from unknown sources. There are applications that help protect against this threat, including Bardon Data System's free "Back Orifice Eliminator". Support for finding and destroying Back Orifice has been included in many commercial anti-virus applications as well.

## Mozilla Does Binaries

Helping the folks at get a recent web browser out there may have just gotten easier. Mozilla started releasing their nightly builds of Mozilla to the general public. So far, the current builds have proven to be more stable than some of the earlier releases I've seen. It's still alpha quality software, though, and the binaries are time-bombed with a 30-day expiration so that you won't run it forever. The binaries include support for Java, but still no support for mail or SSL (SSL will never happen because of export restrictions).

## NAT32

On a previous geek report, I talked about Network Address Translation and why it was cool. To review, NAT takes network traffic from any address and makes it look like it is coming from or going to a different address. There has to be a multi-homed machine between the two networks that performs this translation in-stream. Large corporate networks and/or sites with a limited number of legal Internet addresses will use NAT to allow their corporate users to access the Internet and provide services without having to give each system a legal Internet address. The upshot of this is that I can allow my LAN to connect to the Internet using the single IP address my ISP gives to me when I dial up.

NAT is completely transparent to most client software, though you will have to set up TCP/IP on each of your LAN systems so that its "default route" is the IP address of the machine on your LAN that does the NAT. Recently, I discovered a cheap ($25) program that does this: NAT32. It will run on Windows 95, 98, and NT (the NT version is $47, however) and allows a machine connected to the Internet with an analog, ISDN, or cable modem to share the Internet connection with your LAN. All users on the LAN will have transparent access to the Internet, provided they use the NAT32 machine as the "default gateway." You can also use Microsoft's DialUp Networking server to allow people to dial into your system and use the Internet. The unregistered version will run for 60 minutes and then automatically quit. The registered version will not do this, and also supports dialing on demand.
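
To make the single-address sharing described above concrete, here is an added example (not NAT32's code and not from the original post) of the translation table a many-to-one NAT keeps. It assumes port-based translation with one mapping per connection; the addresses, the starting port, and the `Nat` and `Packet` names are constructed for illustration.

```python
# Added illustration: a toy many-to-one NAT table (hypothetical names, not NAT32's code).
from dataclasses import dataclass, field
from typing import Optional

PUBLIC_IP = "203.0.113.10"   # constructed: the single address the ISP assigns


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Nat:
    public_ip: str
    next_port: int = 40000                       # constructed start of the port pool
    out_map: dict = field(default_factory=dict)  # (lan ip, lan port, dst, dport) -> public port
    in_map: dict = field(default_factory=dict)   # (public port, remote ip, remote port) -> lan host

    def outbound(self, p: Packet) -> Packet:
        """Rewrite a LAN packet so it appears to come from the public address."""
        key = (p.src, p.sport, p.dst, p.dport)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, p.dst, p.dport)] = (p.src, p.sport)
        return Packet(self.public_ip, self.out_map[key], p.dst, p.dport)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Map a reply back to the LAN host; return None if no mapping exists."""
        if p.dst != self.public_ip:
            return None
        target = self.in_map.get((p.dport, p.src, p.sport))
        if target is None:
            return None          # unsolicited traffic has no LAN host to go to
        return Packet(p.src, p.sport, target[0], target[1])


def demo():
    nat = Nat(PUBLIC_IP)
    # Two LAN hosts use the same source port toward the same web server.
    a = nat.outbound(Packet("192.168.0.2", 1025, "198.51.100.7", 80))
    b = nat.outbound(Packet("192.168.0.3", 1025, "198.51.100.7", 80))
    reply = nat.inbound(Packet("198.51.100.7", 80, PUBLIC_IP, b.sport))
    stray = nat.inbound(Packet("198.51.100.9", 31000, PUBLIC_IP, a.sport))
    return a, b, reply, stray
```

Under this model, a packet from a remote host that no LAN machine has contacted matches no table entry and is dropped, which is why machines behind such a gateway are not directly reachable from the Internet.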
